package com.stone.project.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;

/**
 * @author stone
 * 创建日期  2022/11/7
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true, securedEnabled = true)
public class SecurityConfigAdapterImpl extends WebSecurityConfigurerAdapter {
    @Autowired
    private ConsumorAccessManager consumorAccessManager;

    @Autowired
    private ConsumorFilterInvocationSecurityMetadataSource consumorFilterInvocationSecurityMetadataSource;


    @Override
    public void configure(WebSecurity web) {
        // 忽略登录界面  ????
//        web.ignoring().antMatchers("/auth/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();

        http.authorizeRequests()
                .antMatchers("/auth/login").permitAll()
                .anyRequest().authenticated()
        .and()
        .authorizeRequests()

//       自定义鉴权，不配置这个的花，就是使用http对象配置的鉴权对象
        .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
            @Override
            public <O extends FilterSecurityInterceptor> O postProcess(O object) {
                object.setAccessDecisionManager(consumorAccessManager);
                object.setSecurityMetadataSource(consumorFilterInvocationSecurityMetadataSource);
                return object;
            }
        })

//        自定义异常处理
        .and()
        .exceptionHandling()
        .authenticationEntryPoint(((httpServletRequest, httpServletResponse, e) -> {
            httpServletResponse.getWriter().write("登陆失败！");
        }))
        .accessDeniedHandler((httpServletRequest, httpServletResponse, e) -> {
            httpServletResponse.getWriter().write("权限不足");
        })
        ;
    }

    /**
     *    不然authbean就没了！！！！！！
     * @return
     * @throws Exception
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
